Ssid Name "Any; Last-Resort Processing - Nortel 2360 Configuration Manual
Wlan-security switch 2300 series
Hide thumbs
Also See for 2360:
- Reference manual (480 pages) ,
- User manual (218 pages) ,
- Installation and basic configuration manual (172 pages)
Table of Contents
Advertisement
7
To install the administrative certificate on the WSS, type the following command to display a prompt:
WSS# crypto certificate admin
Enter PEM-encoded certificate
8
Paste the signed certificate text block into the WSS switch's CLI, below the prompt.
9
Display information about the certificate, to verify it:
WSS# show crypto certificate admin
10 Repeat
step 3
11 Obtain the CA's own certificate.
12 To install the CA's certificate on the WSS and help authenticate the switch's Admin certificate, type the
following command to display a prompt:
WSS# crypto ca-certificate admin
Enter PEM-encoded certificate
13 Paste the CA's signed certificate under the prompt.
14 Display information about the CA's certificate, to verify it:
WSS# show crypto ca-certificate admin
15 Repeat
step 12
SSID name "Any"
In authentication rules for wireless access, you can specify the name any for the SSID. This value is a wildcard that
matches on any SSID string requested by the user.
For 802.1X and Web-based AAA rules that match on SSID any, WSS Software checks the RADIUS servers or local
database for the username (and password, if applicable) entered by the user. If the user information matches, WSS
Software grants access to the SSID requested by the user, regardless of which SSID name it is.
For MAC authentication rules that match on SSID any, WSS Software checks the RADIUS servers or local database for
the MAC address (and password, if applicable) of the user's device. If the address matches, WSS Software grants access
to the SSID requested by the user, regardless of which SSID name it is.
Last-resort processing
One of the fallthru authentication types you can set on a service profile or wired authentication port is last-resort.
If no 802.1X or MAC access rules are configured for a service profile's SSID, and the SSID's fallthru type is last-resort,
WSS Software allows users onto the SSID or port without prompting for a username or password. The default authoriza-
tion attributes set on the SSID are applied to the user. For example, if the vlan-name attribute on the service profile is set
to guest-vlan, last-resort users are placed in guest-vlan.
If no 802.1X or MAC access rules are configured for wired, and the wired authentication port's fallthru type is
last-resort, WSS Software allows users onto the port without prompting for a username or password. The authorization
attributes set on user last-resort-wired are applied to the user.
through
step 9
to obtain and install EAP (802.1X) and Web-based AAA certificates.
through
step 14
to install the CA's certificate for EAP (802.1X) and Web-based AAA.
Nortel WLAN—Security Switch 2300 Series Configuration Guide
Managing keys and certificates 465
- Quick Links:
- Using the Command-Line Interface
Hide quick links:
Advertisement
Table of Contents
